This invention relates to a system for maintaining the security of information employed in electronic data processing.
During the past few years there has been rapidly growing interest in information security, not only for the safeguarding of fiduciary and other files having intrinsic value, but for improving access control over sensitive data, including personal information, while procedures are being upgraded to meet present and anticipated privacy requirements.
Vast amounts of money and high-grade talent have been expended in defining and developing more nearly secure systems. Those who have studied the problems thoroughly are among the least complacent about the adequacy of their solutions. Systems once thought highly secure are now viewed as readily penetrable.
One basic tool that is clearly definable and broadly applicable is the encryption of data into cipher while in transit through non-secure parts of systems in order to make it less readily accessible to unauthorized users.
The National Bureau of Standards (NBS) has selected and published a Federal Data Encryption Standard (DES); see Federal Register, Mar. 17, 1975, Vol. 40, No. 52, pp. 12,067-12,250, at 12,134 through 12,139. The announcement states that "Data may be protected against unauthorized disclosure by generating a random key and issuing it to the authorized users of the data. The cipher that has been produced by performing the steps of the encryption algorithm on data using a particular key can only be returned to the original data by use of the decryption algorithm using the identical key. Unauthorized recipients of the cipher who may have the algorithm but who do not have this key cannot derive the original data."
Cryptographic systems are described in U.S. Pat. Nos. 3,796,830 and 3,798,359 which may be employed in the present invention; other known algorithms may also be used.